Re: Last Call: <draft-ietf-netmod-system-mgmt-15.txt> (A YANG Data Model for System Management) to Proposed Standard

Hi,

The IESG <iesg-secretary@xxxxxxxx> wrote:
> 
> The IESG has received a request from the NETCONF Data Modeling Language
> WG (netmod) to consider the following document:
> - 'A YANG Data Model for System Management'
>   <draft-ietf-netmod-system-mgmt-15.txt> as Proposed Standard
> 
> The IESG plans to make a decision in the next few weeks, and solicits
> final comments on this action. Please send substantive comments to the
> ietf@xxxxxxxx mailing lists by 2014-05-13. Exceptionally, comments may be
> sent to iesg@xxxxxxxx instead. In either case, please retain the
> beginning of the Subject line to allow automated sorting.

The data model in this draft has this structure (objects unrelated
to SSH keys removed):

           +--rw user* [name]
               +--rw name        string
               +--rw ssh-key* [name]
                  +--rw name         string
                  +--rw algorithm    string
                  +--rw key-data     binary

The intention is that the separation of the key with two leafs,
"algorithm" and "key-data", makes it easy to cut-and-paste from keys
generated with ssh-keygen etc.  (The encoding of type binary in YANG
is base64, which happens to match the key format.  So the operator can
set the "algorithm" and paste the base64 encoded blob into "key-data".)

During implementation of ssh key handling, we realized that the
description of the objects related to SSH keys probably needs some
clarifications.

Specifically, the list "ssh-key" and the leaf "key-data" are unclear.
After consulting with people at ietf-ssh@xxxxxxxxxx, I propose the
following changes:

OLD:

         list ssh-key {
           key name;
           description
             "A list of public SSH keys for this user.";
           reference
             "RFC 4253: The Secure Shell (SSH) Transport Layer
                        Protocol";

NEW:

        list authorized-key {
           key name;
           description
             "A list of public SSH keys for this user.  These keys
              are allowed for SSH authentication, as described in
              RFC 4253.";
           reference
             "RFC 4253: The Secure Shell (SSH) Transport Layer
                        Protocol";

OLD:

           leaf key-data {
             type binary;
             mandatory true;
             description
               "The binary key data for this ssh key.";
           }

NEW:

          leaf key-data {
             type binary;
             mandatory true;
             description
               "The binary public key data for this ssh key, as
                specified by RFC 4253, Section 6.6, i.e.,:

                  string    certificate or public key format
                            identifier
                  byte[n]   key/certificate data
                ";
             reference
               "RFC 4253: The Secure Shell (SSH) Transport Layer
                          Protocol";
           }



/martin
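
The layout named in the proposed "key-data" description (RFC 4253, Section 6.6: a length-prefixed format identifier followed by the key data) can be checked when a key is configured. The Python sketch below is an added example, not part of the original message or of the draft; the function names are hypothetical and the sample key is constructed, not a real key.

```python
import base64
import struct

def read_string(buf, offset):
    """Read one SSH 'string' (RFC 4251): uint32 big-endian length, then the bytes."""
    if offset + 4 > len(buf):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from(">I", buf, offset)
    end = offset + 4 + length
    if end > len(buf):
        raise ValueError("string runs past end of blob")
    return buf[offset + 4:end], end

def split_public_key_line(line):
    """Split '<algorithm> <base64> [comment]' into the two leaf values."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<algorithm> <base64> [comment]'")
    return fields[0], fields[1]

def check_key_data(algorithm, key_data_b64):
    """Return (embedded identifier, bytes of key data after it) or raise ValueError."""
    blob = base64.b64decode(key_data_b64, validate=True)
    ident, pos = read_string(blob, 0)
    embedded = ident.decode("ascii")
    # The "algorithm" leaf and the identifier inside "key-data" must agree.
    if embedded != algorithm:
        raise ValueError(f"algorithm {algorithm!r} != embedded {embedded!r}")
    if pos == len(blob):
        raise ValueError("no key/certificate data after the identifier")
    return embedded, len(blob) - pos

def ssh_string(data):
    """Encode bytes as an SSH 'string' (used only to build the sample)."""
    return struct.pack(">I", len(data)) + data

# Constructed sample, not a real key: identifier plus a 32-byte placeholder value.
SAMPLE_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
SAMPLE_LINE = "ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode() + " admin@example"

if __name__ == "__main__":
    alg, data = split_public_key_line(SAMPLE_LINE)
    print(check_key_data(alg, data))
```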




